Failure of x509_util::ParseDate() is inconsistently checked |
||
Issue descriptionThere is an NSS and OpenSSL flavor of this function. The OpenSSL version returns a bool[1] The NSS version does not [2] I haven't fully explored the callers, but it is sketchy that NSS would just DCHECK on this failure. Also pretty sketchy is that there are callers using the OpenSSL flavor that does not check the error, even though this version of the function does have it: x509_certificate_openssl.cc [5] Other callers of these functions, which assume no failure mode: x509_certificate_ios.cc [3] x509_certificate_nss.cc [4] I think these should be consistently checking and propagating the error everywhere. Both in OpenSSL and NSS versions, and in all the callsites. WARN_UNUSED_RESULT would be good. [1] https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_util_openssl.cc&q=x509_util::ParseDate&sq=package:chromium&dr=Ss&l=272 [2] https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_util_nss_certs.cc&q=x509_util::ParseDate&sq=package:chromium&dr=Ss&l=156 [3] https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_certificate_ios.cc&l=66 [4] https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_certificate_nss.cc&q=x509_util::ParseDate&sq=package:chromium&dr=C&l=33 [5] https://code.google.com/p/chromium/codesearch#chromium/src/net/cert/x509_certificate_openssl.cc&q=x509_util::ParseDate&sq=package:chromium&dr=C&l=216
,
Mar 16 2018
This was resolved during the use_byte_certs work. (x509_util::ParseDate is no more, and x509_certificate.cc checks the result of parsing the date with the new function.) |
||
►
Sign in to add a comment |
||
Comment 1 by rsleevi@chromium.org
, Apr 8 2016